I believe the DirecTV caller is correct
November 26, 2016 at 3:54 PM #5060
I will state up front that I am in no way connected to the satellite TV industry. So I can ONLY speak to the likelihood of something, rather than speak authoritatively on the following. But I think I make some compelling arguments.
As far as I can tell, it was only the DVRs made by XiongMai Technologies which participated in the Mirai/Dyn attacks. The sites that I read talking about the subject of manufacturers of the DVRs distributed by DirecTV included many major electronics manufacturers, such as LG, Sony, Philips, RCA, Toshiba, Samsung, Zenith, and so on, with no mention at all of XiongMai. Since all these manufacturers have all the engineering, board layout, component supply chain(s), assembly, etc. facilities for making such a device, I think it’s quite unlikely that these companies would rebadge a XiongMai unit only to have DirecTV rebadge it yet again.
The caller also had an extremely compelling argument. If his DVR’s only connection is to the satellite dish, and not network of any kind, its utility in a DDoS attack would be extraordinarily limited.
If it were DirecTV DVR receivers involved in these attacks as Nick proposed, I am relatively certain someone would have reported that significant traffic came from AT&T’s Internet addresses. I think it’s also extraordinarily unlikely that network traffic generated from their customers’ systems would be allowed to be routed to the Internet. Even if the source addresses were spoofed, it’s less likely still that the AT&T networking engineers would allow reverse path filtering not to have an effect (that is to say, ain’t nuttin’ coming out of their Internet interfaces which has anything but an AT&T source address). I will also contend it is likely that AT&T has an IDS which would very much call into question if all the sudden a significant proportion of their traffic were destined for the Dyn addresses. In other words, it would be out of the ordinary for their traffic to have a concentration of a particular collection of destination IP addresses (whether it’s Dyn or anyone else), and would notify their operations teams if such a thing were going on, or may even stop the traffic flows itself.
Therefore, the only likely viable way to attack a target using a DirecTV DVR would be to use the Internet connection of the DirecTV customer, not DirecTV’s (AT&T’s) Internet. And as stated earlier, I cannot say definitively, but I strongly believe AT&T is not using any DVRs involved with the Mirai botnet(s). I’m also not asserting these DVRs are free from vulnerabilities, just saying evidence so far says it’s unlikely they are able to be hijacked.
I’m also not definitive on this one, but I’m relatively sure AT&T has their own satellite-based network for distributing the EPG, meaning a DTV box never needs an Internet connection to find guide data, either for on-screen viewing or scheduling DVR recordings. Also, from reading a few Web pages, it looks like the only satellite dishes which are bidirectional (transmit as well as receive) are those which perform Internet access service (HughesNet, WildBlue, etc.). This excludes the vast majority of satellite TV customers. Otherwise, there would be no reason whatsoever to put Ethernet and/or Wi-Fi hardware in the receivers and DVRs, it would just use the dish all the time.
December 22, 2016 at 10:07 PM #5165
I think DishNet & DirecTV would
to have 2-way communication so that they could be an isp & compete with cable. But, alas, it doesn’t go that way.
My connection from my dishnet box failed, and I was given dire warnings to fix it or else I would not be able to order on-demand PPV programs. If Dishnet had any 2-way communication, surely they would allow ordering PPV via satellite.
It turns out that the box will work quite well without an internet connection if you can live without PPV!